Develop Reference

How do I send mails from a self managed Gitlab server?

Thats a part of my Docker-Compose File. The problem is that the mails dont reach the users. Does someone knows why?
version: '3.6'
services:
web:
image: 'gitlab/gitlab-ee:latest'
restart: always
hostname: 'rainws02.tjema.local'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://rainws02.rain.local'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "rainex01.rain.local"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab#rainlocal"
gitlab_rails['smtp_password'] = "PASSWORD"
gitlab_rails['smtp_domain'] = "rain.local"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
gitlab_rails['gitlab_email_from'] = "gitlab#rain.local"
...

Gitlab-CE running in Docker-Container, but can't get Container Registry running

I have Gitlab-CE running in a Docker-Container and everything works fine, but I can't get the container-registry running.
This is my docker-compose.yml
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
hostname: 'git.mydomain.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
#SSL
external_url 'https://git.mydomain.com'
letsencrypt['enable'] = false
# nginx['redirect_http_to_https'] = true
#registry_nginx['redirect_http_to_https'] = true
#mattermost_nginx['redirect_http_to_https'] = true
#letsencrypt['enable'] = false
nginx['enable'] = true
nginx['listen'] = 443
nginx['client_max_body_size']='250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/gitlab/ssl/git.mydomain.com.crt.pem'
nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/git.mydomain.com.key.pem'
nginx['ssl_protocols']="TLSv1.1 TLSv1.2"
#ENABLE CONTAINER REGISTRY
registry_external_url = 'https://git.mydomain.com:4567'
registry_nginx['listen_port'] = 4567
registry_nginx['listen_https'] = false
#gitlab_rails['registry_path'] = "/var/gitlab/gitlab-rails/shared/registry"
#gitlab_rails['gitlab_default_projects_features_container_registry'] = true
#registry_enable = true
#registry_nginx['enable'] = true
#gitlab_rails['lfs_enabled'] = true
#registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.mydomain.com.crt.pem'"
#registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git.mydomain.com.key.pem"
#SMTP
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtp.mydomain.de'
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = 'me#mydomain.com'
gitlab_rails['smtp_password'] = '...'
gitlab_rails['smtp_domain'] = 'https://com.mydomain.de'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
# If your SMTP server does not like the default 'From: gitlab#localhost' you
# can change the 'From' with this setting.
gitlab_rails['gitlab_email_from'] = 'gitlab#mydomain.com'
gitlab_rails['gitlab_email_reply_to'] = 'noreply#mydomain.com'
# Add any other gitlab.rb configuration here, each on its own line
ports:
- '443:443'
- '80:80'
- '4567:4567'
volumes:
- '/srv/gitlab/config:/etc/gitlab'
- '/srv/gitlab/config/ssl:/etc/gitlab/ssl'
- '/srv/gitlab/logs:/var/log/gitlab'
- '/srv/gitlab/data:/var/opt/gitlab'
The commented lines regarding the container-registry I hava already tried in all possible combinations,with no effort. In some cases gitlab runs but without container-registry, and in other cases gitlab fails to start.
what am I missing?

Docker-Compose stack with jwilder/nginx-proxy and nginxproxy/acme-companion produces cert with wrong common name

I expect the docker-compose.yml below to create a cert with the common name dev.redacted.com, but the cn is letsencrypt-nginx-proxy-companion–and I do not understand why, as I specify the CERT_NAME in the service I'd like to bring up.
Any hints?
version: '3.1'
services:
frontproxy:
restart: always
image: jwilder/nginx-proxy
container_name: frontproxy
labels:
com.github.nginxproxy.acme-companion.frontproxy: 'true'
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "certs-volume:/etc/nginx/certs:ro"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
nginx-letsencrypt-companion:
restart: always
image: nginxproxy/acme-companion
environment:
NGINX_PROXY_CONTAINER: "frontproxy"
volumes:
- "certs-volume:/etc/nginx/certs"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
depends_on:
- "frontproxy"
gitlab:
image: gitlab/gitlab-ce:latest
restart: always
hostname: 'dev.redacted.ch'
environment:
VIRTUAL_HOST: 'dev.redacted.ch'
LETSENCRYPT_HOST: 'dev.redacted.ch'
LETSENCRYPT_EMAIL: 'admin#redacted.ch'
VIRTUAL_PROTO: 'https'
VIRTUAL_PORT: '443'
CERT_NAME: 'dev.redacted.ch'
GITLAB_SKIP_UNMIGRATED_DATA_CHECK: 'true'
GITLAB_OMNIBUS_CONFIG: |
# Email setup
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'admin#redacted.ch'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab#Redacted'
gitlab_rails['gitlab_email_reply_to'] = 'admin#redacted.ch'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'mail.cyon.ch'
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = 'admin#redacted.ch'
gitlab_rails['smtp_password'] = 'redacted'
gitlab_rails['smtp_domain'] = 'cyon.ch'
gitlab_rails['smtp_authentication'] = 'login'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['gitlab_root_email'] = 'admin#redacted.ch'
# HTTPS Setup
letsencrypt['enable'] = false
external_url 'https://dev.redacted.ch'
gitlab_rails['gitlab_https'] = true
gitlab_rails['gitlab_port'] = 443
ports:
- '22:22'
volumes:
- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab
volumes:
certs-volume:

Duplicate timestamps values in grafana and thanos datasource showing single timestamp value

Grafana showing duplicate timestamps values and Thanos showing the correct single timestamp value. I'm hitting a single curl request for application API Thanos showing the correct value but when I'm running the same query in grafana it shows two count values. I'm using telegraf agent for collecting metrics in prometheus.
My whole setup is running in Kubernetes and I'm using telegraf statsd for application monitoring.
Telegraf conf >>
[agent]
interval = "15s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
flush_buffer_when_full = true
collection_jitter = "0s"
flush_interval = "1s"
flush_jitter = "0s"
quiet = false
debug = false
logfile = "/var/log/telegraf/telegraf.log"
logfile_rotation_max_size = "10MB"
logfile_rotation_max_archives = 5
hostname = "${HOSTNAME}"
[global_tags]
dc = "${datacenter}"
component = "k8s"
role = "node"
job = "${job}"
service = "containerorchestration"
subcomponent = "worker"
organization = "${organization}"
environment = "${environment}"
environmentversion = "${environmentversion}"
infraversion = "${infraversion}"
[[inputs.cpu]]
percpu = false
totalcpu = true
fielddrop = ["time_*"]
[[inputs.disk]]
ignore_fs = ["tmpfs", "devtmpfs", "devfs", "overlay", "aufs", "squashfs"]
[[inputs.diskio]]
[[inputs.kernel]]
[[inputs.mem]]
[[inputs.processes]]
[[inputs.swap]]
[[inputs.system]]
[[inputs.net]]
fielddrop = ["icmp_*", "icmpmsg_*", "tcp_*", "udp_*", "udplite_*", "ip_*"]
[[inputs.netstat]]
[[inputs.linux_sysctl_fs]]
[[outputs.prometheus_client]]
listen = ":9273"
metric_version = 2
path = "/metrics"
expiration_interval = "16s"
export_timestamp = true
Telegraf statd conf >>
[[inputs.statsd]]
protocol = "udp"
max_tcp_connections = 250
tcp_keep_alive = false
service_address = ":8130"
delete_gauges = true
delete_counters = true
delete_sets = true
delete_timings = true
parse_data_dog_tags = true
percentiles = [90.0, 95.0, 99.0]
metric_separator = "_"
datadog_extensions = true
allowed_pending_messages = 10000
percentile_limit = 1000
And Prometheus job conf >
- job_name: 'ec2-telegraf'
sample_limit: 4000
metrics_path: '/metrics'
scrape_interval: '15s'
ec2_sd_configs:
- region: "XXXXXXX"
profile: "XXXXXXXXXX"
role_arn: XXXXXXXXXXXXXXX
refresh_interval: 100s
port: 9273
filters:
- name: instance-state-name
values:
- running
- name: tag:Environment
values:
- performance
relabel_configs:
- source_labels: [__meta_ec2_tag_Businessunit]
target_label: businessunit
- source_labels: [__meta_ec2_tag_Environment]
target_label: environment
- source_labels: [__meta_ec2_tag_Techteam]
target_label: techteam
- source_labels: [__meta_ec2_tag_component]
target_label: component
- source_labels: [__meta_ec2_tag_subcomponent]
target_label: subcomponent
- source_labels: [__meta_ec2_tag_role]
target_label: role
- source_labels: [__meta_ec2_tag_aws_autoscaling_groupName]
target_label: asgname
- source_labels: [__meta_ec2_tag_Service]
target_label: service
Need help, please share the suggestion.
Thanks

Liferay 7.3 on Docker with Elasticsearch - Connection refused

I have a problem with Liferay + Elasticsearch setup with docker-compose. When starting the compose bundle Liferay complains that it cannot connect to remote elasticsearch instance with exception:
2020-11-15 21:39:55.042 ERROR [main][ElasticsearchEngineConfigurator:93] bundle com.liferay.portal.search.elasticsearch7.impl:2.0.30 (655)[com.liferay.portal.search.elasticsearch7.internal.ElasticsearchEngineConfigurator(1604)] : The activate method has thrown an exception
java.lang.RuntimeException: java.net.ConnectException: Connection refused
at com.liferay.portal.search.elasticsearch7.internal.search.engine.adapter.cluster.HealthClusterRequestExecutorImpl.getClusterHealthResponse(HealthClusterRequestExecutorImpl.java:102)
at com.liferay.portal.search.elasticsearch7.internal.search.engine.adapter.cluster.HealthClusterRequestExecutorImpl.execute(HealthClusterRequestExecutorImpl.java:49)
at com.liferay.portal.search.elasticsearch7.internal.search.engine.adapter.cluster.ElasticsearchClusterRequestExecutor.executeClusterRequest(ElasticsearchClusterRequestExecutor.java:51)
at com.liferay.portal.search.engine.adapter.cluster.HealthClusterRequest.accept(HealthClusterRequest.java:40)
at com.liferay.portal.search.engine.adapter.cluster.HealthClusterRequest.accept(HealthClusterRequest.java:22)
at com.liferay.portal.search.elasticsearch7.internal.search.engine.adapter.cluster.ElasticsearchClusterRequestExecutor.execute(ElasticsearchClusterRequestExecutor.java:44)
at com.liferay.portal.search.elasticsearch7.internal.search.engine.adapter.ElasticsearchSearchEngineAdapterImpl.execute(ElasticsearchSearchEngineAdapterImpl.java:69)
at com.liferay.portal.search.elasticsearch7.internal.ElasticsearchSearchEngine.waitForYellowStatus(ElasticsearchSearchEngine.java:334)
at com.liferay.portal.search.elasticsearch7.internal.ElasticsearchSearchEngine.initialize(ElasticsearchSearchEngine.java:109)
at com.liferay.portal.kernel.search.SearchEngineProxyWrapper.initialize(SearchEngineProxyWrapper.java:59)
at com.liferay.portal.search.elasticsearch7.internal.BaseSearchEngineConfigurator.setSearchEngine(BaseSearchEngineConfigurator.java:500)
at com.liferay.portal.search.elasticsearch7.internal.BaseSearchEngineConfigurator.initSearchEngine(BaseSearchEngineConfigurator.java:407)
at com.liferay.portal.search.elasticsearch7.internal.BaseSearchEngineConfigurator.initialize(BaseSearchEngineConfigurator.java:341)
at com.liferay.portal.search.elasticsearch7.internal.ElasticsearchEngineConfigurator.activate(ElasticsearchEngineConfigurator.java:52)
# Loong stack trace with Casued by "java.net.ConnectException: Connection refused"
At the same time I can connect via curl to the machines and they respond:
liferay#a4b06641f395 /opt/liferay
$ curl es-node-1:9200
{
"name" : "es-node-1",
"cluster_name" : "docker-elasticsearch",
"cluster_uuid" : "iUW--n_ORe-zv40sBzUdpQ",
"version" : {
"number" : "7.9.3",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "c4138e51121ef06a6404866cddc601906fe5c868",
"build_date" : "2020-10-16T10:36:16.141335Z",
"build_snapshot" : false,
"lucene_version" : "8.6.2",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
liferay#a4b06641f395 /opt/liferay
$ curl es-node-1:9300
curl: (1) Received HTTP/0.9 when not allowed
I have following docker-compose.yml file:
version: '3.2'
services:
web:
image: liferay/portal:7.3.4-ga5
ports:
- "3002:8080"
depends_on:
- appdb
- liferaydb
- es-node-1
- es-node-2
environment:
LIFERAY_LIFERAY_PERIOD_HOME: /opt/liferay
LIFERAY_JDBC_PERIOD_DEFAULT_PERIOD_DRIVER_UPPERCASEC_LASS_UPPERCASEN_AME: com.mysql.cj.jdbc.Driver
LIFERAY_JDBC_PERIOD_DEFAULT_PERIOD_USERNAME: user
LIFERAY_JDBC_PERIOD_DEFAULT_PERIOD_URL: jdbc:mysql://liferaydb/liferay_db?useFastDateParsing=false
LIFERAY_JDBC_PERIOD_DEFAULT_PERIOD_PASSWORD: user_pass
LIFERAY_PASSWORDS_PERIOD_ENCRYPTION_PERIOD_ALGORITHM_PERIOD_LEGACY: SHA
LIFERAY_WEB_PERIOD_SERVER_PERIOD_HTTP_PERIOD_PORT: 8080
LIFERAY_WEB_PERIOD_SERVER_PERIOD_PROTOCOL: http
LIFERAY_WEB_PERIOD_SERVER_PERIOD_HOST: liferay.dev
LIFERAY_LIVE_PERIOD_USERS_PERIOD_ENABLED: 1
volumes:
- ${PWD}/static/portal-ext.properties:/opt/liferay/portal-ext.properties
- ${PWD}/deploy:/opt/liferay/deploy
- ${PWD}/data/VAADIN:/opt/liferay/tomcat/webapps/ROOT/html/VAADIN
- ${PWD}/static/ElasticsearchConfiguration.config:/opt/liferay/osgi/configs/com.liferay.portal.search.elasticsearch7.configuration.ElasticsearchConfiguration.config
appdb:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD: root_pass
MYSQL_DATABASE: portlet_db
MYSQL_USER: user
MYSQL_PASSWORD: user_pass
volumes:
- ${PWD}/data/appdb:/var/lib/mysql
liferaydb:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD: root_pass
MYSQL_DATABASE: liferay_db
MYSQL_USER: user
MYSQL_PASSWORD: user_pass
volumes:
- ${PWD}/data/liferaydb:/var/lib/mysql
es-node-1:
image: docker.elastic.co/elasticsearch/elasticsearch:7.9.3
environment:
- node.name=es-node-1
- cluster.name=docker-elasticsearch
- bootstrap.memory_lock=true
- discovery.seed_hosts=es-node-2
- cluster.initial_master_nodes=es-node-1,es-node-2
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
volumes:
- esdata1:/usr/share/elasticsearch/data
ports:
- 9200:9200
es-node-2:
image: docker.elastic.co/elasticsearch/elasticsearch:7.9.3
environment:
- node.name=es-node-2
- cluster.name=docker-elasticsearch
- bootstrap.memory_lock=true
- discovery.seed_hosts=es-node-1
- cluster.initial_master_nodes=es-node-1,es-node-2
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- esdata2:/usr/share/elasticsearch/data
volumes:
esdata1:
esdata2:
Contents of portal-ext.properties define data source for my portlet:
jdbc.ext.driverClassName=com.mysql.cj.jdbc.Driver
jdbc.ext.url=jdbc:mysql://appdb:3306/portlet_db
jdbc.ext.username=user
jdbc.ext.password=user_pass
Contents of ElasticsearchConfiguration.config define connection to Elastic:
operationMode=REMOTE
transportAddresses=["es-node-1:9300","es-node-2:9300"]
clusterName=docker-elasticsearch
logExceptionsOnly=true
Does anybody have any idea what is wrong? I tried with and without quotes in the .config file but I doesn't seem to work.
Ps. As recommended I asked the same question on Liferay forums:
https://liferay.dev/ask#/questions/portal/liferay-7-3-on-docker-with-elasticsearch-connection-refused

I had same problem. I solve it:
useful link: https://learn.liferay.com/dxp/latest/en/using-search/installing-and-upgrading-a-search-engine/elasticsearch/exercise-run-liferay-and-elasticsearch-using-docker.html
your db configs is OK.
docker-compose.yml:
liferay:
image: liferay/portal:7.3.7-ga8
container_name: liferay
user: '1000'
networks:
- mynetwork
volumes:
- ./liferay/data:/opt/liferay/data
- ./liferay/deploy:/opt/liferay/deploy
- ./liferay/conf/portal-ext.properties:/opt/liferay/portal-ext.properties
# - ./liferay/conf/osgi/configs:/opt/liferay/osgi/configs
- type: bind
source: ./liferay/conf/osgi/configs
target: /opt/liferay/osgi/configs
# - ./liferay/conf/osgi/modules/*.jar:/home/liferay/osgi/modules
# - ./liferay/conf/tomcat/bin/setenv.sh:/home/liferay/tomcat/bin/setenv.sh
# - ./liferay/conf/tomcat/lib/ext/*.jar:/home/liferay/tomcat/lib/ext
# - ./liferay/conf/tomcat/conf/context.xml:/home/liferay/tomcat/conf
depends_on:
- db
- elasticsearch
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
container_name: elasticsearch
volumes:
- type: bind
source: ./elasticsearch/config/elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
read_only: true
- ./elasticsearch/data:/usr/share/elasticsearch/data
- ./elasticsearch/plugins:/plugins
ports:
- "9200:9200"
- "9300:9300"
environment:
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
ELASTIC_PASSWORD: 'YOUR-ES-PASSWORD'
# Use single node discovery in order to disable production mode and avoid bootstrap checks.
# see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
discovery.type: single-node
ingest.geoip.downloader.enabled: 'false'
networks:
- mynetwork
deploy:
resources:
limits:
memory: 2G
elasticsearch.yml:
cluster.name: "LiferayElasticsearchCluster"
node.name: elasticsearch
network.host: 0.0.0.0
ingest.geoip.downloader.enabled: false # optional
xpack.security.enabled: false
lifray_container: /opt/liferay/osgi/configs/com.liferay.portal.search.elasticsearch7.configuration.ElasticsearchConfiguration.config :
additionalConfigurations = ""
additionalIndexConfigurations = ""
additionalTypeMappings = ""
authenticationEnabled = B"true"
bootstrapMlockAll = B"false"
clusterName = "LiferayElasticsearchCluster"
discoveryZenPingUnicastHostsPort = "9300-9400"
embeddedHttpPort = I"9201"
httpCORSAllowOrigin = "/https?:\\/\\/localhost(:[0-9]+)?/"
httpCORSConfigurations = ""
httpCORSEnabled = B"true"
httpSSLEnabled = B"false"
indexNamePrefix = "liferay-"
indexNumberOfReplicas = ""
indexNumberOfShards = ""
logExceptionsOnly = B"true"
networkBindHost = ""
networkHost = ""
networkHostAddresses = [\
"http://elasticsearch:9200"\ #place you can enter your elastic server addresses
]
networkPublishHost = ""
nodeName = ""
operationMode = "REMOTE"
overrideTypeMappings = ""
password = "YOUR-ES-PASSWORD"
productionModeEnabled = B"true"
proxyHost = ""
proxyPort = I"0"
proxyUserName = ""
remoteClusterConnectionId = ""
restClientLoggerLevel = "ERROR"
sidecarDebug = B"false"
sidecarDebugSettings = "-agentlib:jdwp\=transport\=dt_socket,address\=8001,server\=y,suspend\=y,quiet\=y"
sidecarHeartbeatInterval = L"10000"
sidecarHome = "elasticsearch7"
sidecarHttpPort = ""
sidecarJVMOptions = [\
"-Xms1g",\
"-Xmx1g",\
"-XX:+AlwaysPreTouch"\
]
sidecarShutdownTimeout = L"10000"
trackTotalHits = B"true"
transportTcpPort = ""
truststorePath = "/path/to/localhost.p12"
truststoreType = "pkcs12"
username = "elastic"
before run liferay, please run elastic container and run this command:
docker-compose exec -it elasticsearch bash -c '/usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-kuromoji && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-smartcn && /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-stempel'
also you can create custom image that installs automatically those plugins on image.
I hope this codes help you. (sorry for my terrible English)